The DarkHydrus group has begun using a new version of the RogueRobin backdoor. This version is written in C# and in addition to using DNS Tunneling for command and control, can also use Google Drive.
Unit 42 has continued researching the Shamoon 3 attacks that impacted an oil and gas organization and identified another wiper Trojan
The Sofacy group continues to use variants of the Zebrocy payload in its attack campaigns.
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.
The Sofacy group continued their global attack campaigns between October and November, primarily targeting NATO-aligned nation states and former USSR states and delivering Zebrocy or Cannon.
Unit 42’s continued look into Sofacy reveals global attacks and wheels out new ‘Cannon’ trojan.
Unit 42’s continued look into OilRig analyzes the group’s operational tempo, including testing, weaponization and attack delivery.
Unit 42’s continued look into the OilRig threat group uncovers the use of spear-phishing emails to deliver an updated version the BONDUPDATER Trojan.
The OilRig group maintains their persistent attacks against government entities in the Middle East region using previously identified tools and tactics. As observed in previous attack campaigns, the tools used are not an exact duplicate of the previous attack and instead is an iterative variant. In this instance a spear phishing email was used containing
Following up on previous research, Unit 42 investigates the DarkHydrus threat group’s use of phishery to harvest credentials in the middle east. Read the full report.
Slithering between nation state and cybercrime: Unit 42 examines the Gorgon Group’s unsophisticated yet effective attacks. Read the full report.
Unit 42 uncovers DarkHydrus, a new threat actor group targeting Middle East government.
The OilRig group continues to adapt their tactics and bolster their toolset with newly developed tools. Get the full report from Unit 42.
Unit 42’s continued look at the Sofacy Group’s activity reveals the persistent targeting of government, diplomatic and other strategic organizations across North America and Europe.
The Sofacy threat group continues to use their DealersChoice framework to exploit Flash vulnerabilities in their attack campaigns. Read the latest from Unit 42
Unit 42 examines recent Sofacy group activities including multiple attacks to government entities.
Sign up to receive the latest news, cyber threat intelligence and research from Unit 42
By submitting this form, you agree to our Terms of Use and acknowledge our Privacy Statement.